How to Brainstorm with Audit Team Members

When you are performing an audit, it’s a good idea to discuss how your client may be perpetrating fraud with your team members. Brainstorming is a very useful tool, as one member of the team may have an idea regarding client actions that you hadn’t considered, or lead you to consider some information you’ve obtained in a different way.

Two of the Statements on Auditing Standards (SAS) offer discussion action items for the audit team:

SAS 99, "Consideration of Fraud in a Financial Statement Audit": This one states that a brainstorming session must be held among audit team members to evaluate whether there’s a risk of material misstatement in the company’s financial statements due to fraud.

In a nutshell, material misstatements affect the overall accuracy of the financial statements. Fraud exists when the misstatements are done deliberately; an error exists when the misstatements are an inadvertent mistake.

SAS 109, "Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement": This one requires that members of the audit team hold a meeting to discuss the chance that the financial statements can contain material misstatement because of either fraud or error.

The audit team can hold these two discussions at the same time as long as it has a clear agenda to discuss fraud and errors separately. (Or the team can hold two separate meetings.)

It is important to have a clear understanding of how to handle fraud. Material errors aren’t exactly the best thing in the world to find on a client’s financial statements. However, you usually give the client a journal entry to correct the error, and as long as the client takes your advice on how to fix the error, you move along.

If you or someone on your audit team concludes that a misstatement is possibly the result of fraud, and if you think or know that the misstatement is or could be material, you must follow more expansive steps. These steps range from bringing the fraud to senior management’s attention to suggesting that the client confer with counsel regarding pursuing criminal charges to flat-out withdrawing from the audit.

With this understanding in mind, here are some possible areas of discussion for your brainstorming session:

Do the right circumstances exist to allow the financial statements to be materially misstated because of fraud? You use your evaluation of control, inherent, and detection risk to help you out. Control risk is the risk that the company’s internal controls won’t detect or prevent fraudulent mistakes. Inherent risk is the risk of material misstatement based on the nature of the client’s business. Detection risk is the risk that you won’t detect material errors.

Could management be acting fraudulently? For example, management deliberately falsifies inventory counts, which overstates ending inventory and understates cost of goods sold. Why might management do this? Well, managers are often judged on their department’s performance. The higher the department’s net income, the better the manager seems to be doing her job. And the yearly bonus is probably tied to those perceptions.

Keep in mind that auditing standards require that you ask management whether it has any knowledge of fraud taking place within the business. You should also query management about any allegations of fraud from employees or people outside the company.

How could company assets be waylaid? This type of fraud takes many forms. An employee who helps himself to inventory is a major misappropriation of company assets. Evaluating the client’s internal controls over inventory is a good way to assess the risk of fraudulent misuse of company assets.

How easy is it for management to override controls? The best internal controls are useless if nobody follows them. A casual attitude toward the control environment normally flows from the top down, with managers either ignoring internal controls or making it clear that they find such controls unnecessary.

One way to see whether management is overriding controls is to check out the authority level for journal entries posted directly to the books. For example, if a manager wants to increase net income and isn’t subject to his manager’s oversight, she could just book a journal entry increasing accounts receivable and increasing revenue.